#!/bin/bash
IP_log=`cat /root/1.log|awk '{print $1}'|sort|uniq -c|sort -rn|head -10|awk '$1>40'|awk '{print $2}'`
cat /root/1.log|awk '{print $1}'|sort|uniq -c|sort -rn|head -10|awk '$1>40' > /tmp/xujun.txt
for n in $IP_log;do
iptables_ip=`iptables -L -n|grep -o $n`
   if [ "$iptables_ip" != "$n" ];then
       iptables -I INPUT -s $n -j DROP
       if [ $? -eq 0 ];then
             echo "以把$n封掉"
       else
             echo "命令执行失败"
       fi
   else
       echo "无IP可封"
   fi
done 
